How to disable for a fork? #2804
Comments
|
This is happening in CPython repo as well which has 17K forks. It would help us greatly if dependabot can be disabled in forks. Thanks. |
|
We're aware of this issue and planning a fix. The workaround for now is to delete the fork and re-create it without enabling Dependabot security updates. Dependabot version updates (setup from config file) isn't enabled by default on new forks but will be if security updates has ever been turned on and since disabled. |
|
Thanks for clearly communicating! Any "ish" timeline on this? (I have unrelated issues in the forks, so deleting and recreating isn't quite as easy as it could be.) |
|
@patcon we'll get to it in the next couple of months :/ going to bump it up again with the team and see if we can get to it sooner. |
|
Getting this issue on a fork of https://github.com/EFForg/https-everywhere Disabling actions did not prevent new PRs being generated |
|
Seems to be a duplicate of #2198 |
feelepxyz
added
the
F: noise
|
@feelepxyz bumping it again, as it has been three months since this comment in #2804 (comment)
|
|
The workaround also doesn't work for forks I want private because I cannot change visibility of a (Github) fork, so I'm mirroring instead. Would the solution here also allow us to disable dependabot in mirrored repositories? |
Workaround until there is a fix for dependabot/dependabot-core#2804
|
I think there is a need to act here because each fork has a master branch that cannot be changed from upstream after the fork is created. Those dependabots from forks will run infinite! At least as long as the owner of the fork does not fix his master branch what is expectable for 99% of the forks. Thinking global, this is a totally unneeded wast of resources and energy ... |
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Since currently dependabot cannot be disabled on forks, remove dependabot.yml For more info: dependabot/dependabot-core#2804 Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
github-actions
bot
added
L: docker
and others
I enabled Dependabot for a fork (https://github.com/hugovk/pytest), to make sure it was working smoothly before creating a PR to add it upstream (https://github.com/pytest-dev/pytest). Upstream is now using it, it's working well, thanks!
However, I now want to disable Dependabot for my fork but cannot find a way.
https://app.dependabot.com/accounts/hugovk says:
At https://github.com/settings/installations/8631454, Dependabot Preview only has access to other repos:
At https://github.com/hugovk/pytest/settings/security_analysis I have everything disabled:
Deleting https://github.com/hugovk/pytest/blob/master/.github/dependabot.yml is not an option, because this is a fork, and it needs to be kept in sync with upstream.
How can I disable Dependabot for my fork?
Package manager/ecosystem
Python
Manifest contents prior to update
https://github.com/hugovk/pytest/blob/master/.github/dependabot.yml
https://github.com/hugovk/pytest/blob/master/testing/plugins_integration/requirements.txt
Edit: as the 2022-11-24 solution is obscured by the thousands of hidden items below, here it is for clarity:
The text was updated successfully, but these errors were encountered: